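#!/bin/bash
## BEGIN INIT INFO
# Provides: sandbox
# Default-Start: 5
# Default-Stop: 0 1 2 3 4 6
# Required-Start:
#
## END INIT INFO
# sandbox: Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
#
# chkconfig: 5 1 99
#
# Description: sandbox is using pam_namespace to share the /var/tmp, /tmp and
#              /home/sandbox accounts. This script will setup the / mount
#              point as shared and all of the subdirectories just these
#              directories as unshared.
#
# Usage: sandbox {start|status|stop}
#   start  - mark / as recursively shared, then turn /tmp, /var/tmp and /home
#            into private mount points; creates the lock file on success.
#   status - report whether the lock file exists.
#   stop   - remove the lock file only; mount propagation is left as it is.
#
# NOTE(review): the header above names /home/sandbox, but the code below makes
# the whole of /home private.

# Source function library.
. /etc/init.d/functions

LOCKFILE=/var/lock/subsys/sandbox
base=${0##*/}

case "$1" in
  start)
    # Already set up during this boot: nothing to do.
    [ -f "$LOCKFILE" ] && exit 0

    # Every step must succeed. The private propagation on /tmp, /var/tmp and
    # /home is what the sandbox relies on, so stop at the first failing mount
    # and report its status instead of only the status of the last command.
    mount --make-rshared / || exit $?

    # Bind each directory onto itself so that it becomes a mount point of its
    # own; propagation can only be changed on a mount point.
    for dir in /tmp /var/tmp /home; do
      mount --bind "$dir" "$dir" || exit $?
    done

    for dir in /home /tmp /var/tmp; do
      mount --make-private "$dir" || exit $?
    done

    # Create the lock file last, so that "status" never reports "running"
    # for a setup that only partly succeeded. A retry after a partial failure
    # repeats the bind mounts that had already been made.
    touch "$LOCKFILE" || exit $?
    exit 0
    ;;

  status)
    # Reports the presence of the lock file only; the mount table is not
    # inspected.
    # NOTE(review): exits 0 even when stopped. The LSB convention for
    # "not running" is 3; left unchanged so existing callers keep working.
    if [ -f "$LOCKFILE" ]; then
      echo "$base is running"
    else
      echo "$base is stopped"
    fi
    exit 0
    ;;

  stop)
    # Only the lock file is removed; the bind mounts and their propagation
    # settings stay in place.
    rm -f -- "$LOCKFILE"
    exit 0
    ;;

  *)
    echo $"Usage: $0 {start|status|stop}"
    exit 3
    ;;
esac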